Wired Intelligent Edge

last person joined: yesterday 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Aruba 3810m CPU load and packet loss

This thread has been viewed 11 times
  • 1.  Aruba 3810m CPU load and packet loss

    Posted 10 days ago
    Hi community, 

    We have 2x3810m in stack, worked perfectly but recently some weird things started happening. CPU load spikes up to ~50% followed by packet loss ~ 6% in the network for some seconds.
    Tried to disable snmp, checked with/without spanning tree, nothing helps. 
    Port util is maximum 35% at that moment. 
    Any ideas? 


    # sh running-config
    
    Running configuration:
    
    ; hpStack_KB Configuration Editor; Created on release #KB.16.10.0005
    ; Ver #14:2f.6f.f8.1d.fb.7f.bf.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:40
    
    stacking
       member 1 type "JL076A" mac-address XXXX
       member 2 type "JL076A" mac-address XXXX
       exit
    hostname "CORE1"
    console idle-timeout 1120
    console idle-timeout serial-usb 1120
    trunk 1/1,2/1 trk1 lacp
    trunk 1/2,2/2 trk2 lacp
    trunk 1/3,2/3 trk3 lacp
    trunk 1/4,2/4 trk4 lacp
    trunk 1/5,2/5 trk5 lacp
    trunk 1/6,2/6 trk6 lacp
    trunk 1/7,2/7 trk7 lacp
    trunk 1/8,2/8 trk8 lacp
    trunk 1/9,2/9 trk9 lacp
    trunk 1/10,2/10 trk10 lacp
    trunk 1/11,2/11 trk11 lacp
    trunk 1/12,2/12 trk12 lacp
    trunk 1/13,2/13 trk13 lacp
    trunk 1/14,2/14 trk14 lacp
    trunk 1/17,2/17 trk17 lacp
    trunk 1/18,2/18 trk18 lacp
    trunk 1/19,2/19 trk19 lacp
    trunk 1/20,2/20 trk20 lacp
    trunk 1/21,2/21 trk21 lacp
    trunk 1/22,2/22 trk22 lacp
    trunk 1/23,2/23 trk23 lacp
    trunk 1/24,2/24 trk24 lacp
    trunk 1/48,2/48 trk48 lacp
    timesync ntp
    no sntp
    ntp unicast
    ntp server XXXXX
    time daylight-time-rule middle-europe-and-portugal
    time timezone 60
    ip authorized-managers XXXX 255.255.0.0 access manager
    ip authorized-managers XXXX 255.255.255.0 access manager
    ip authorized-managers XXXX 255.255.255.255 access operator access-method snmp
    ip authorized-managers XXXX 255.255.255.0 access manager
    interface 1/1
       speed-duplex auto-10g
       exit
    interface 1/2
       speed-duplex auto-10g
       exit
    interface 1/3
       speed-duplex auto-10g
       exit
    interface 1/4
       speed-duplex auto-10g
       exit
    interface 1/25
       name " xxxx"
       exit
    interface 1/27
       name " xxxx"
       exit
    interface 1/28
       name " xxxx"
       exit
    interface 1/29
       name " xxxx"
       exit
    interface 1/30
       name " xxxx"
       speed-duplex auto-100
       exit
    interface 1/32
       name " xxxx"
       exit
    interface 1/40
       name " xxxx"
       speed-duplex auto-100
       exit
    interface 1/41
       name " xxxx"
       speed-duplex auto-100
       exit
    interface 1/42
       name " xxxx"
       speed-duplex auto-1000
       exit
    interface 1/48
       name "xxxx"
       exit
    interface 2/1
       speed-duplex auto-10g
       exit
    interface 2/2
       speed-duplex auto-10g
       exit
    interface 2/3
       speed-duplex auto-10g
       exit
    interface 2/4
       speed-duplex auto-10g
       exit
    interface 2/25
       name " xxxx"
       exit
    interface 2/27
       name "xxxx"
       exit
    interface 2/48
       name "xxxx"
       exit
    snmp-server community "xxxx" operator
    oobm
       ip address xxxx 255.255.255.0
       ip default-gateway xxxx
       member 1
          ip address dhcp-bootp
          exit
       member 2
          ip address dhcp-bootp
          exit
       exit
    vlan 1
       name "DEFAULT_VLAN"
       no untagged 1/25-1/32,1/40-1/42,2/25-2/32,Trk1-Trk14,Trk17-Trk24,Trk48
       untagged 1/15-1/16,1/33-1/39,1/43-1/47,2/15-2/16,2/33-2/47
       no ip address
       exit
    vlan 100
       name "10G network"
       untagged Trk1-Trk8
       no ip address
       jumbo
       exit
    vlan 200
       name "DMZ"
       untagged 1/40-1/42,Trk9-Trk14
       tagged Trk48
       no ip address
       exit
    vlan 300
       name "INT"
       untagged 1/25-1/32,2/25-2/32,Trk17-Trk24
       tagged Trk48
       ip address 10.10.10.2 255.255.255.0
       exit
    spanning-tree Trk1 priority 4
    spanning-tree Trk2 priority 4
    spanning-tree Trk3 priority 4
    spanning-tree Trk4 priority 4
    spanning-tree Trk5 priority 4
    spanning-tree Trk6 priority 4
    spanning-tree Trk7 priority 4
    spanning-tree Trk8 priority 4
    spanning-tree Trk9 priority 4
    spanning-tree Trk10 priority 4
    spanning-tree Trk11 priority 4
    spanning-tree Trk12 priority 4
    spanning-tree Trk13 priority 4
    spanning-tree Trk14 priority 4
    spanning-tree Trk17 priority 4
    spanning-tree Trk18 priority 4
    spanning-tree Trk19 priority 4
    spanning-tree Trk20 priority 4
    spanning-tree Trk21 priority 4
    spanning-tree Trk22 priority 4
    spanning-tree Trk23 priority 4
    spanning-tree Trk24 priority 4
    spanning-tree Trk48 priority 4
    spanning-tree priority 0
    no tftp server
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    device-profile name "default-ap-profile"
       cos 0
       exit
    activate software-update disable
    activate provision disable
    ​


  • 2.  RE: Aruba 3810m CPU load and packet loss

    Posted 10 days ago
    Is it normal to see about 30% (of 1Gbps) on each aggregate interface Trk13's member link (so 30% on 1/13 and 30% on 2/13) probably exchanged with aggregates Trk10 (1/10 15% + 2/10 12%) and Trk12 (1/12 11% +2/12 11%)...it seems internal traffic between aggregates (totally possible).

    The point is the symptoms you described let me to think there is something related to Spanning Tree kicking in.

    You have only defined Spanning Tree priority 0 but...what's about all those LACP Port Trunks? what are the connected peers? other switches? servers?

    In any case if I were you I will secure those downlink(s) with some additional Spanning Tree options like BPDU filtering, root guard and point-to-point where/if needed (last but not least loop-protect too).

    Edit: Is the show logging -r command reporting something interesting?

    ------------------------------
    Davide Poletto
    ------------------------------